May 2019 - ongoing
3 software developers
React, React Native, Nest, Redux-Saga, React-Admin
VerifiID is an innovative start-up from Liverpool, UK, which focuses on unique age verification solutions. Thanks to the efforts of their team of tech veterans, the company offers users smart, biometric alternatives to standard proof-of-age identification. They are currently a forerunner in their industry, and the team is hoping to continue setting standards in age verification.
VerifiID’s goal was to develop a mobile app that could be used for age verification instead of government-issued identification such as a driving license or passport. The app doesn’t store the users’ personal data, but rather encrypts the information for easy access whenever the user needs to provide proof of age. All the user needs to do is quickly create a secure account by uploading their information in the form of a photo of their ID. The app then uses the latest biometric technology to verify the user’s data with a selfie. For security and control purposes, the sensitive data is fully encrypted and stored on the user’s phone. This allows users to leave their valuable ID documents at home instead of carrying them every time they go out.
Bars, clubs, and other facilities can register for a companion app by filling in a form with their data. After registering, they are able to download QR code scanners. The bouncer could then scan the QR code in the client’s VerifiID mobile app and verify their age as they enter the facilities. Having an online account on the web component of the app, the bar could also post offers for clients in the app. Additionally, the bar owners would have access to statistics of the clientele, including information on their number, age, gender, date of entry, etc.
One of the requirements of the app was to be able to accurately compare the image from the user’s physical ID document with the uploaded selfie. The VerifiID mobile app needed to be integrated with the chosen service providers which would ensure the accurate reading of facial biometric data.
The challenge was how to register the biometric data of the users within the system without actually storing sensitive data. The goal was to only require users to register once without having to confirm their age within the app multiple times.
The security concerns were addressed by ensuring that there was less data transferred within the network. The users’ personal information is encoded into a PKI certificate that is saved directly to the user’s phone. Any time a user needs to provide proof of age, the app generates a short-lived code that is cryptographically derived from the user's certificate.
Since the user’s data is stored on their phone, not in the network, the user loses access to their account if their phone is lost or stolen. No one else has access to the user’s personal data, since it’s fully encrypted. The key isn’t saved anywhere else, so the only thing that could be done is to reset the hash of the document within the database.
The solution for a user in this situation is to send an email request to reset the personal document, so it can be used again with a new device and registration.
React Native was chosen due to its multiplatform nature and its ability to support both systems. React-Admin served as a framework and proved to be a great solution for the admin panel. It was a standardized solution to problems with creating and modifying data within the app.
AWS cloud and the Cognito service were used to manage the users in the web version that the verifiers, such as bar owners, can use. This simplified the user authentication and verification processes. AWS SNS was used to send SMS codes and AWS CloudWatch was used for collecting logs and metrics.
NestJS made it easy to build the application when it came to the back-end. It automated and simplified a lot of processes.
One of the advantages of the app is its lack of a server, which was achieved by using the serverless deployment function in AWS Lambda. It’s one thing less to worry about, especially when dealing with sensitive user data, not to mention that having a server would be an additional expense to maintain.
Docker was used for the web app development and back-end, while AWS S3 supports the file upload of ID pictures and selfies.
Rumble Fish are incredibly easy to communicate with and have actively advised and solved many problems we faced. This in turn has subsequently resulted in a much better end product which we are absolutely delighted about. Rumble Fish’s technical expertise and willingness to adapt to our changing needs have helped to add so much value to our project. Professional from the outset, if you want to turn an idea into reality, their team will make it happen. I would highly recommend their services; I wouldn’t take our project anywhere else.